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FEDERAL  STANDARD 

TELECOMMUNICATIONS:  GENERAL  SECURITY  REQUIREMENTS 
FOR  EQUIPMENT  USING  THE  DATA  ENCRYPTION  STANDARD 


This  standard  is  issued  by  the  General  Services  Administration  pursuant  to 
the  Federal  Property  and  Administrative  Services  Act  of  1949,  as  amended. 


I.  Scope 


1.1  Description.  This  standard  specifies  the  minimum  general  security  requirements  that  are  to  be  satisfied  in 
implementing  the  Data  Encryption  Standard  (DES)  algorithm  in  a  telecommunications  environment.  The  DES  itself 
specifies  an  algorithm  used  for  cryptographically  protecting  certain  U.S.  Government  information.  (This  algorithm  is 
described  in  Federal  Information  Processing  Standards  Publication  46).  The  requirements  defined  in  this  standard  affect 
the  security  of  equipment  implementing  the  DES  algorithm.  Other  security  requirements,  which  relate  to  the  interface 
and  interoperability  of  DES  cryptographic  equipment  with  associated  terminal  equipment  (e.g.,  narrative  text,  automatic 
data  processing,  digital  facsimile,  digital  voice,  etc.),  will  be  addressed  in  other  Federal  telecommunication  standards. 

1.2  Security  Obiectives.  This  standard  addresses  the  following  security  obiectives: 

a.  To  prevent  inadvertent  transmission  of  plain  text. 

b.  To  prevent  theft,  unauthorized  use,  or  unauthorized  modification  of  DES  cryptographic  equipment  while 
installed. 

c.  To  prevent  unauthorized  disclosure  or  modification  of  key  variables  while  in  DES  cryptographic  equipment. 

d.  To  provide  interoperability  between  key  variable  loaders  and  DES  cryptographic  equipment,  and  facilitate  the 
use  of  standardized  keying  material  for  U.S.  Government  applications  of  the  DES  algorithm. 

e.  To  prevent  data  encryption  when  a  critical  cryptographic  failure  condition  exists,  and  to  generate  an  alarm 
upon  detection  of  a  critical  cryptographic  failure. 

1.3  Purpose.  This  standard  prescribes  security  requirements  for  implementation  of  the  DES  in  telecommunication 
equipment  ana  systems  used  by  the  departments  and  agencies  of  the  U.S.  Government. 

~1.4  Application.  This  standard  applies  to  all  DES  crvotograohic  components,  equipment,  systems,  and  services 
procured  (including  lease)  by  U.S.  Government  departments  and  agencies  for  the  encryption  of  digital  information  in  the 
telecommunications  environment.  This  includes  stand-alone  DES  cryptographic  equipment  as  well  as  anv  Data  Terminal 
Equipment  and  Data  Circuit-terminating  Equipment  utilizing  the  DES  algorithm  for  digital  encryption.  When  DES 
cryptographic  equipment  is  integrated  into  Data  Terminal  Equipment  (DTE)  or  Data  Circuit-terminating  Equipment 
(DCE).  this  standard  applies  to  those  portions  of  the  DTE  or  DCE  design  which  implement  the  security  requirements  of 
this  standard.  The  same  degree  of  protection  is  required  whether  DES  cryptographic  equipment  is  in  stand-alone  units  or 
is  physically  embedded  in  associated  equipment.  Guidance  to  facilitate  the  application  of  this  standard,  with  respect  to 
degradation  of  its  securttv  by  imorooer  implementation  or  use,  will  be  provided  for  in  a  revision  to  Federal  Property 
Management  Regulation  41,  Code  of  Federal  Regulations  101-35.3. 

1.5  Verifying  Conformance.  Procedures  for  verifying  that  DES  cryptographic  equipment  conform  with  this  standard 
are  available  irom  the  preparing  activity. 

1.6  Definitions  and  Conventions.  The  following  definitions,  conventions,  and  terminology  apply  in  this  standard. 

a.  Bypass:  A  condition  which  allows  plain  text  to  pass  through  equipment  unaltered,  with  or  without  some  delay. 

b.  DES:  The  Data  Encryption  Standard  algorithm  specified  in  Federal  Information  Processing  Standards 
Publication  46. 


> 


C.  DES  Cryptographic  Equipment:  Equipment  embodying  one  or  more  DES  devices  and  associated  controls, 
interfaces,  power  supplies,  alarms,  and  the  related  hardware,  software,  and  firmware  used  to  encrypt,  decrypt, 
authenticate,  and  perform  similar  operations  on  information. 
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d.  DES  Device:  The  electronic  hardware  Dart  or  subassembly  which  implements  lust  the  PiFS  aleonthm  soecified 
in  Federal  Information  Processing  Standards  Publication  46,  and  which  is  validated  bv  the  National  bureau  of 
Standards. 

e.  Initializing  Vector  (IV):  A  vector  used  in  defining  the  starting  oomt  of  an  encryption  process  within  a  Dps 
device. 

f.  Key  Generator:  A  DES  device  plus  those  additional  cryptographic  functions  required  to  imolement:  (1)  a 
particular  mode  of  encryption;  (2)  combining  of  plain  text  or  cipher  text  with  rags  device  output:  (3)  the 
initializing  vector;  and  (4)  associated  alarms  and  self-testing. 

g.  Key  Variable:  A  64-bit  input  to  DES  cryptographic  eauipment,  with  3  bits  used  for  parity  checking  and  ^6  bits 
used  in  the  DES  device  for  encryption  or  decryption.  Unless  otherwise  stated,  reference  to  a  DES  key  variable 
means  a  key  variable  in  its  unencrypted  form. 

h.  Key  Variable  Loader  An  electronic,  self-contained  unit  which  is  capable  of  storing  at  least  one  64-bn  DES 
key  variable  and  transferring  that  key  variable,  upon  request,  into  OES  cryptograohic  eauipment. 

i.  Message:  A  generic  term  used  to  describe,  in  the  broadest  sense,  information  to  be  transferred  which  is 
represented  by  a  .digital  sequence.  This  sequence  should  be  numbered  1,2,.  .  .,N,  where  1  represents  the 
information  unit  transmitted  first. 

j.  Physical  Key:  A  device  used  to  operate  a  mechanical  lock. 

k.  Pseudorandom  Binary  Process:  A  deterministic  technique  for  producing  a  seauence  of  binary  digits  which 
satisfy  the  statistical  properties  of  a  random  bit  stream. 

L  S-Box:  A  nonlinear  function  which  substitutes  four  output  bits  for  six  input  bits  within  a  OES  device  to  make 
the  OES  algorithm  a  nonlinear  process  (see  Federal  Information  Processing  Standards  Publication  46). 

m.  Zeroization:  A  method  of  erasing  an  electronically  stored  OES  key  variable  bv  removing  electrical  power 
from  the  electronic  storage,  by  overwriting  that  storage  with  an.  all  ONEs  or  ZEROs  pattern,  or  by  otherwise 
irrevocably  altering  the  contents  of  the  OES  key  variable  storage. 


2.  Referenced  Documents 

a.  Federal  Information  Processing  Standards  Publication  46:  DATA  ENCRYPTION  STANDARD.  January,  1977. 
(Copies  of  this  standard  are  available  from  the  National  Technical  Information  Service,  IJ.S.  Department  of 
Commerce,  5285  Port  Royal  Road,  Springfield,  VA  22161.) 

b.  Federal  Information  Processing  Standards  Publication  SI:  OES  MOOES  OF  OPERATION.  December,  1980. 
(Cooies  of  this  standard  are  available  from  the  National  Technical  Information  Service,  IJ.S.  Deoartment  of 
Commerce,  5285  Port  Royal  Road,  Springfield,  VA  22I6L) 

C.  Federal  Standard  1031:  TELECOMMUNICATIONS:  GENERAL  Pf JR  POSE  37-POSITION  AND  4-POSITION 
INTERFACE  BETWEEN  DATA  TERMINAL  EOUIPMENT  AND  DATA  CIR  Cl  MT-TFRWN  ATING  EOUIPmFNT. 
(Cooies  of  this  standard  are  available  from  GSA,  Specifications  and  Consumer  Information  Distribution  Branch 
(WFSIS),  Bldg.  197  (Washington  Navy  Yard),  Washington,  DC  204073, 

d.  Military  Standard  461B:  ELECTROMAGNETIC  EMISSION  AND  SUSCEPTIBILITY  REOUIR  EVENTS  FOR  THE 
CONTROL  OF  ELECTROMAGNETIC  INTERFERENCE.  (Cooies  of  this  standard  are  available  from  the  Naval 
Publications  and  Forms  Center,  5801  Tabor  Avenue,  Philadelphia,  PA  19120.) 

e.  Military  Standard  462 :  MEASUREMENT  OF  ELECTROMAGNETIC  INTERFERENCE  CHARACTERISTICS. 
(Cooies  of  this  standard  are  available  from  the  Naval  Publications  and  Forms  Center,  5801  Tabor  Avenue, 
Philadelphia,  PA  19120.) 

f.  National  Bureau  of  Standards  Special  Publication  500-20:  VALIDATING  THF.  CORRECTNESS  OF  HARDWARC 
IMPLEMENTATIONS  OF  THE  N8S  DATA  ENCRYPTION  STANDARD.  September,  1980.  (Copies  of  this 
publication  are  available  as  SN  003-003-01861-9  from  the  Superintendent  of  Documents,  U.S.  Government  Printing 
Office,  Washington,  D.C.  20402.) 

g.  National  Bureau  of  Standards  Special  Publication  500-61:  MAINTENANCE  TESTING  FOR  THE  DATA 
ENCRYPTION  STANDARD.  August,  1980.  (Cooies  of  this  publication  are  available  as  SN  003-003-02225-0  from 
the  Superintendent  of  Documents,  U.S.  Government  Prtnting  Office,  Washington,  D.C.  20402.) 

h.  Prooosed  Federal  Standard  1026:  TELECOMMUNICATIONS:  INTEROPERABILITY  AND  SECURITY 
REQUIREMENTS  FOR  USE  OF  THE  DATA  ENCRYPTION  STANDARD  IN  THE  PHYSICAL  ANn  DATA  LINK 
LAYERS  OF  DATA  COMMUNICATIONS;  dated  June  l,  1931. 
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3.  R  equirements 

3.1  Phvsical  Security.  DES  cryptographic  equipment  shall  be  designed  to  restrict  physical  access  to  mtemallv  stored 
0E5  key  variaoies  and  to  deter  thelt.  unauthorized  use,  or  unauthorized  modification  of  the  equipment  *nen  installed, 
^he  level  of  physical  security  provided  shall  be  such  that  unauthorized  attemots  at  access  or  use  will  either  be 
^successful  or  will  have  a  high  probability  of  being  detected  during  penetration  or  subsecuent  to  penetration.  The 
^^illation  design  must  minimize  the  possibility  of  penetration  which  cannot  be  visually  detected. 

Locks.  At  least  one  lock  shall  be  used  to  limit  access  to  the  key  variable  entry  controls.  When  the  Cipher 
Block  Chaining  mode  is  used  and  the  Initializing  Vector  ( I V3  is  externally  entered  into  OES  crvptograpntc  equipment, 
access  to  the  associated  controls  shall  be  limited  by  the  same  lock  which  protects  the  kev  variaole  entry  controls.  In 
addition,  certain  other  controls  shall  be  operated  by  means  of  a  physical  kev-ooerated  selection  switch  or  shall  be 
accessible  only  upon  opening  or  removing  a  locked  cover  (see  section  2.7).  The  physical  key  used  to  operate  or  access 
these  controls  shall  be  different  from  the  physical  key  used  to  limit  access  to  the  key  variable  entry  controls.  Note  that 
the  two  locks  previously  described  may  be  used  in  coniunction  with  each  other  ("two  person  control^  when  protection 
against  the  possibility  of  unauthorized  use  is  considered  necessary.  All  locks  shall  be  of  the  pick-resistant  variety 
(MEDECO  or  equivalent). 

3.1.2  Mounting.  A  means  shall  be  provided  to  protect  against  theft  and  substitution  of  OES  cryptographic  equipment 
when  installed  (with  or  without  a  key  variable  present).  A  solution  such  as  a  mounting  mechanism  accessible  only  from 
the  interior  of  the  locked  equipment  shall  be  used  to  deter  removal  of  the  equipment  by  any  means  other  than 
determined  force. 


3.L3  Standby  Periods.  OES  cryptographic  equipment  shall  be  designed  so  that  operating  personnel  can  conveniently 

make  it  inooeraoie  (wnile  retaining  the  kev  variaple)  during  periods  when  the  equipment  is  in  standby,  and  not  in 
operation.  This  shall  be  implemented  in  such  a  manner  as  to  prevent  unauthorized  use,  for  example,  by  reaooiication  of 
power.  Once  placed  in  standby,  equipment  shall  not  be  capable  of  being  restored  to  operation  without  the  operation  of  at 
least  one  lock. 

3 .1.4  Equipment  Enclosure.  DES  cryptographic  equipment  enclosures  shall  be  designed  such  that  a  physical  lock  must 

be  operated  in  order  to  disassemble  the  equipment  to  an  extent  that  would  permit  undetectable  access  to  internal 
circuitry.  Also,  ail  holes  placed  in  the  outside  surface  of  the  equipment  during  manufacture  shall  be  located  such  that 
undetectable  access  to  kev  variable  storage  and  processing  circuitry,  as  well  as  undetectable  disassembly  of  the 
equipment,  are  not  possible  using  these  holes. 

3.2  Kev  Variables.  The  security  provided  by  DES  cryptograohic  equipment  is  dependent  upon  the  DES  key  variable. 
The  same  DES  key  variable  must  be  inserted  into  equipment  in  a  link  or  network  to  make  a  grouping  of  equipment 
cryptograohicaily  unique  and  compatible.  A  DES  key  variable  consists  of  64  bits  (K1  through  K64),  56  bits  of  wnicn  are 
randomly  or  pseudorandom ly  derived  and  3  bits  of  which  are  odd  parity  check  bits.  Each  bit  of  odd  parity  is  computed 
[individually  on  its  preceding  seven-bit  group  of  random  or  pseudorandom  bits  according  to  the  convention  shown  in  taole  L 

■2.1  Kev  Variable  Entry.  Two  approved  methods  of  entering  unencrypted  DES  key  variables  into  DES  cryptograohic 
Kjuipment  are  described  below.  All  DES  cryptograohic  equipment  shall  utilize  at  least  one  of  these  two  methods  of  key 
variable  entry.  This  is  required  to  perform  one  or  more  of  the  following:  (1)  to  enter  DES  kev  variables  for  normal 
encryption  and  decryption,  (2)  to  provide  the  capability  to  enter  a  key  variable  to  decrypt  encrvoted  and  electronically 
transmitted  key  variables,  and  (3)  to  facilitate  maintenance.  Ciphertext  output  shall  be  inhibited  during  transfer  of  key 
variables  into  DES  devices.  A  means  of  permitting  operating  personnel  to  either  conveniently  correct  errors  made  during 
manual  key  variable  entry  or  to  reenter  the  entire  key  variable  shall  be  provided.  When  a  DES  key  variaole  is  assembled 
into  a  single  64-bit  sequence,  the  bits  shall  be  ordered  in  the  following  manner:  K1,K2,  .  .  ,K64.  This  numbering 
corresponds  to  the  numbering  of  key  variable  bits  defined  in  Federal  Information  Processing  Standards  Puolication  46. 

3. 2.1.1  Method  1.  DES  cryptographic  equipment  may  contain  an  integral  capability  to  manually  enter  DES  key  variables 
from  printed  form.  The  printed  DES  key  variables  shall  consist  of  a  sequence  of  16  symoois  (V1.V2,  .  .,V16)  entered 
starting  with  the  left-most  symbol  (VI).  Each  printed  symbol  represents  a  four-bit  binary  word  corresponding  to  four  bits 
of  the  DES  key  variable,  as  defined  in  table  2.  Manual  entrv  can  be  accomplished  by  any  technique  which  provides 
relatively  easy,  reliable  loading  (e.g.,  keyboard,  rotarv  switches,  thumbwheel  switches,  etc.).  If  a  DES  key  variaole  is 
displayed  electrically  or  mechanically,  all  visual  residue  of  the  DES  key  variable  shall  be  removed  automatically  after  it 
is  accepted  as  valid  (see  section  3.2.4). 

3.2.1.2  Method  2.  DES  cryptograohic  equipment  may  accept  key  variables  in  electronic  form  from  an  externally 
connected  key  variable  loader  in  accordance  with  the  electrical  and  mechanical  interface  requirements  of  this  standard. 
When  the  64-bit  DES  key  variable  sequence  is  transferred  serially,  the  order  of  transfer  is  as  listed  in  section  3.2.1,  with 
K1  being  the  first  bit  transferred.  After  a  DES  key  variable  has  been  entered  into  a  key  variable  loader  and  verified  by 
the  key  variable  loader  (successful  parity  check),  there  shall  be  no  visual  or  mechanical  residue  of  the  key  variable 
available  to  a  person  having  access  to  the  key  variable  loader.  The  key  variaole  loader  shall  have  a  zeroize  capability 
controlled  by  operating  personnel. 
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3.2.L2.1  K«v  Variable  Transfer  Operation.  Electronic  key  variable  transfer  into  HES  crvotographic  eouipment  from  a 
key  variable  loaner  is  initiated  ay  the  DE5  crvptograohic  equipment  under  control  of  operating  oersonnel.  Operating 

personnel  shall  initiate  the  key  variable  transfer  by  some  manual  action  to  the  OFS  crvotograohic  equipment  which  will 

result  in  a  REQUEST  indication  being  sent  by  the  OES  cryptographic  equipment  to  the  kev  variable  loaner.  Upon  receipt 
of  REQUEST  indication,  the  key  variable  loader  will  provide  a  64-bit  serial  key  variable  on  the  DATA  circuit  and  an 
associated  64  cycles  of  clock  on  the  CLOCK  circuit.  The  timing  involved  in  this  DES  kev  variable  transfer  is  shown  in 
figure  I. 

3.2.1. 2.2  Interface  Circuits.  The  OES  key  variable  transfer  interface  shall  consist  of  nine  circuits:  C.ROUNn, 
REQUEST,  DATA,  CLOCK,  VOO,  and  four  undesignated  circuits.  The  functional  relationship  of  the  REQUEST,  PAT  A, 
and  CLOCK  circuits  is  shown  in  figure  L 

a.  GROUND.  This  circuit  is  connected  to  logic  ground  within  OES  crvotographic  equipment.  In  many 

equipment,  this  circuit  will  also  be  connected  to  chassis  ground,  internal  to  the  equipment. 

b.  REQUEST.  This  circuit  is  normally  OFF  (high).  It  turns  ON  (low)  as  a  result  of  an  action  by  operating 
personnel  to  initiate  a  key  variable  transfer.  REOUEST  is  generated  by  OES  crvptograohic  equipment. 

C.  OATA.  In  response  to  a  REQUEST  indication,  the  OATA  circuit  conveys  the  64  bits  of  OES  key  variable  to 
the  OES  cryptographic  equipment.  The  OATA  circuit  may  also  be  used,  under  control  of  the  undesignated 
circuits,  for  other  purposes.  OATA  is  generated  by  the  key  variable  loader. 

d.  CLOCK.  In  response  to  REQUEST  indication,  the  CLOCK  circuit  sends  64  clock  cycles  synchronously,  and  in 
a  specified  jhase  relationship  with  respect  to  the  key  variable  bits  on  the  PATA  circuit.  The  CLPCK  circuit  may 
also  be  used  for  other  purposes,  under  control  of  the  undesignated  circuits.  CLOCK  is  generated  by  the  key 
variable  loader.  nES  cryptographic  equipment  shall  respond  to  only  the  first  64  clock  cvcles  (and  ignore  any 
additional  clock  cvcles)  associated  with  a  given  PES  key  variable  transfer  in  response  to  a  REQUEST  indication. 

e.  VPP.  This  circuit  is  connected  to  a  regulated  520.5  volt  power  suooiv  within  the  PF.5  crvptograohic 
equipment.  VDD  provides  a  positive  logic  voltage  reference  for  key  variable  loaders  with  floating  ground  and 
negative  internal  logic  (such  as  the  KOI-18). 

f.  Undesignated  Circuits.  Use  of  the  four  undesignated  circuits  is  optional,  and  thev  can  be  used  for  any 
function  associated  with  key  variable  management  and/or  equipment  controL  The  electrical  parameters  of  these 
undesignated  circuits,  if  used,  must  conform  to  the  general  electrical  requirements  contained  in  section  3.2.1. 2.3 
and  table  3  of  this  standard.  Specifically,  undesignated  output  and  input  circuits  shall  meet  the  requirements  of 
sections  3.Z1.2.3.a  and  3.2.1. 2.3.b  of  this  standard,  respectively.  OES  cryptographic  equipment  shall  be  capable  of 
accepting  key  variaoles  from  key  variable  loaders  which  do  not  have  or  use  the  unaesignated  circuits. 

3.2.1.2.3  Electrical  Interface  Characteristics.  The  electrical  characteristics  in  this  section  aooiy  at  the  PES 
cryptographic  equipment  connector  used  for  electronic  key  variable  entrv.  All  electrical  measurements  are  with  resoect 
to  GROUND.  Logic  levels  for  the  circuits  are  defined  in  table  3  and  are  compatible  with  commercially  available 
4000-series  CMOS  digital  integrated  circuits  operated  from  a  five-volt  power  source.  The  logic  levels  in  table  3  shall  be 
met  for  the  following  load  conditions: 

a.  R  EQUEST.  The  output  voltage  levels  in  table  3  shall  be  met  when  driving  loads  greater  than  30  kohms  with 
shunt  capacitances  less  than  200  pF. 

b.  PATA  and  CLOCK.  These  input  circuits  shall  function  prot.;rly  when  the  inout  voltage  levels  in  table  3  are 
applied  to  input  loaos  greater  than  200  kohms  with  shunt  capacitances  less  than  30  pF. 

3.2.1. 2.4  Mechanical  Interface  Characteristics.  DES  crvptograohic  eauioment  shall  be  phvsically  connected  to  a  key 
variable  loader  via  a  cable,  not  to  exceed  one  "meter  in  length,  using  the  type  of  nine-position  connector  specified  in 
Federal  Standard  1031  (based  upon  Electronic  Industries  Association  standard  RS-44F).  PES  crvptograohic  equipment 
shall  provide,  via  front  panel  access  (under  lock  control),  the  female  nine-position  connector  with  latching  blocks,  for 
electronic  key  variable  entry.  The  cable  from  the  key  variable  loader  shall  use  a  matching  male  ntne-oosition  connector: 
one  capable  of  latching.  The  position  assignments  for  this  connector  are  contained  in  table  4. 

3.2.2  Parity.  The  parity  of  unencrypted  DES  kev  variables  shall  be  verified  during  entry,  whether  manual  or 
electronic,  ano  during  any  subsequent  transfer  within  DES  cryptographic  equipment,  to  ensure  that  no  accidental 
single-bit  modification  of  a  key  variable  has  occurred.  Each  group  of  eight  bits  shall  be  of  odd  parity,  as  defined  in 
Federal  Information  Processing  Standards  Publication  46. 

3.2.3  Zeroization.  Any  detected  attemot  to  gain  access  to  the  internal  components  of  PES  cryptographic  equipment, 
through  disassemoiy  of  the  equipment  (e.g.,  removal  of  case),  shall  automatically  zeroize  the  key  variable  and,  in  the 
Cipher  Block  Chaining  mode,  the  Initializing  Vector.  AH  kev  variable  storage  locations,  exceot  those  containing  test  key 
variables  and  encrypted  key  variables,  must  be  capable  of  being  zeroized.  The  ability  to  inhibit  the  zeroization  feature 
shall  be  provided  in  the  interior  of  equipment  for  maintenance.  This  inhibit  feature  must  not  be  accessible  until  the 
equipment  has  been  opened  for  maintenance.  A  means  shall  be  provided  to  automatically  disengage  the  internal  inhibit 
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feature  and  zeroize  the  maintenance  test  key  variable  in  the  DES  device  before  OES  cryptographic  equioment  is  returned 
to  the  operational  mode.  A  means  shall  also  be  provided  to  ensure  that  OES  cryptographic  equipment  is  not  able  to 

fand  decrypt  when  in  the  zeroized  state. 

Kev  Variable  Storage.  After  initial  key  loading,  all  unencrypted  key  variables  shall  be  stored  insiae  OES 
aonic  equipment,  in  order  to  receive  the  protection  associated  with  the  security  requirements  of  this  standard, 
i  must  be  provided  to  assure  that  unencrypted  kev  variables  cannot  visually  or  electrically  be  read  out  of  DES 
aphic  equipment.  If  key  variables  are  read  out  of  OES  cryptographic  equioment  for  purposes  of  transmission, 
they  must  be  encrypted  first.  Key  variables  must  be  stored  in  erasable  electronic  storage  (e.g.,  random  access  memor, 
shift  registers,  the  OES  device,  etc.).  OES  cryptographic  equipment  must  also  have  the  ability  to  maintain  their  kc  / 
variables  whenever  primary  power  is  interrupted.  Except  for  key  variables  residing  in  "final"  locations  (actual  use  or 
protection  against  power  interruption)  within  OES  cryptographic  equipment,  the  appearance  of  a  key  variable  in  any 
intermediate  storage  location  within  OES  cryptographic  equioment  must  be  only  temporary  (e.g.,  as  a  part  of  the  key 
variable  entry  or  testing  process)  and  ail  such  temporary  storage  locations  must  be  zeroized  upon  transfer  of  the  «.uy 
variable  to  one  of  its  "final"  locations.  The  DES  key  variable,  when  routed  internally  within  DES  cryptographic 
equipment,  shall  be  routed  in  such  a  manner  as  to  prevent  external  access  to  the  key  variable,  either  inadvertently  or  due 
to  the  single  failure  of  an  electronic  component. 

3.3  Initializing  Vector  (IV).  Initializing  vectors  can  be  produced  using  the  OES  algorithm,  a  key  variable,  and  input 
data  generated  internally;  or  they  can  be  derived  from  another  random  or  pseudorandom  source.  New  IVs  shall  be 
derived  such  that  all  possible  IVs  (N  bits  long)  are  equally  likely  (i.e.,  have  a  probable  occurrence  of  2_N).  A  means 
shall  be  provided  to  assure  the  introduction  of  new  initializing  vectors  following  the  loading  of  new  key  variables,  ret'  -n 
of  primary  power  after  a  power  interruption  (except  for  in  the  Cipher  Block  Chaining  encryption  mode),  or  upon  start-up 
after  the  OES  device  has  been  zeroized  or  reset  (e.g.,  when  the  device  is  first  brought  into  service  or  after  a.  battery 
change).  The  following  IV  requirements  also  apply; 

a.  An  IV  shall  be  used  to  initiate  every  ciphertext  chain  (see  proposed  Federal  Standard  1026). 

b.  When  the  Cipher  Feedback  encryption  mode  is  used,  the  IV  shall  contain  a  minimum  of  48  bits,  may  be 
transmitted  unencrypted,  and  shall  be  newly  generated  for  every  ciphertext  chain. 

c.  When  the  Cipher  Block  Chaining  encryption  mode  is  used,  the  IV  shall  contain  64  bits,  shall  be  encrypted  prior  to 
transmission,  and  need  be  newly  generated  only  when  a  new  key  variable  is  entered  into  a  OES  device. 

d.  When  the  Output  Feedback  encryption  mode  is  used,  the  IV  shall  contain  64  bits,  and  mav  be  transmitted 
unencrypted. 

t.l  Initializing  Vector  Retention.  Except  in  the  Cipher  Block  Chaining  mode,  the  last  initializing  vector  used 
uld  be  retained  in  storage  during  an  interruption  of  primary  power,  if  it  is  to  be  used  to  generate  a  new  initializing 
Mr  upon  resumption  of  operation.  In  the  Cipher  Block  Chaining  mode,  the  initial  IV  should  be  retained  for  reuse  to 
Hiate  the  need  to  retransmit  it  securely. 

3.4  Encryption  Function  and  Alarms 


3.4.1  Modes.  Four  modes  of  implementing  the  OES  have  been  approved.  These  modes  are  described  in  detail  in 
Federal  Imormation  Processing  Standards  Publication  81.  The  Cipher  Feedback  and  Cipher  Block  Chaining  modes  are 
intended  for  encryption  of  narrative  text  and  Automatic  Data  Processing  (ADR  data,  for  transmission  over 
communications  channels.  The  Output  Feedback  mode  is  intended  for  applications  where  error  extention  due  to 
encryption /decryption  cannot  be  tolerated.  The  Electronic  Codebook  mode  is  approved  for  the  encryption  and  decryption 
of  Data  Encrypting  Keys  (DEK’s)  and  IV's,  for  transmission  over  telecommunication  systems.  Use  of  the  Electronic 
Codebook  mode  for  other  purposes,  and  use  of  other  encryption/decryption  modes,  shall  be  approved  by  the  responsible 
U.  S.  Government  agency,  as  designated  in  section  1.4. 

3.4.2  Encryption  Tests.  DES  cryptographic  equioment  shall  be  designed  to  provide  for  automatic  testing  of  the 
encryption  function,  in  addition  to  anv  other  self-testing  methods  that  are  provided.  To  ensure  that  DES  cryptographic 
equipment  is  not  used  to  encrypt  messages  after  it  has  failed,  one  of  the  following  two  methods  shall  be  employed; 

3.4.2. 1  Method  I.  Two  DES  kev  generators  shall  be  used  to  do  the  same  encryption  of  plaintext  data.  Their  outputs 
shall  be  compareo.  Anv  difference  between  the  outputs  shall  generate  an  alarm  and  shall  cause  the  ciphertext  output  to 
immediately  cease  until  operating  personnel  eliminate  the  error  condition,  or  take  such  other  action  as  may  be 
prescribed  bv  aooroved  operational  procedures.  A  means  to  automatically  test  the  comparator  circuits  and  associated 
inhibiting  circuits  (e.g.,  cause  an  intentional  error)  shall  be  provided. 

3.4.2.2  Method  2.  An  acceptable  alternative  to  the  continuous  comparison  of  the  outputs  of  two  key  generators 
operating  in  parallel  is  the  use  of  a  single  key  generator  whose  integrity  is  verified  by  both  of  the  following  two  tests  (or 
just  the  5-box  test  if  it  is  run  at  the  frequency  prescribed  for  the  DES  checkword  test).  These  tests  do  not  strictly  meet 
the  security  obiective  stated  in  section  1.2.e,  but  they  do  serve  to  limit  the  transmission  of  data  under  critical  failure 
conditions. 
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3. 4. 2.2. 1  S-Box  Test.  This  test  consists  of  loading  one  or  more  known  kev  variables  (test  variables)  and  ....  or  m0r» 
known  64-bit  inputs  into  the  transmit  DES  device  and  operating  the  DES  kev  generator  until  all  'l-box  entrv  combinations 
for  each  S-box  have  been  applied.  The  final  output(s)  are  then  compared  with  all  64  bits  of  the  known  rorrert  resultfs) 
(determined  previously,  off-line,  and  stored  in  the  equipment).  If  thev  fail  to  compare,  an  alarm  shall  be  automatically 
generated  and  all  ciphertext  output  shall  be  inhibited  untii  operating  personnel  eliminate  the  error  condition,  or  take 
such  other  action  as  prescribed  bv  approved  operating  procedures.  A  means  of  automatically  testing  the  comparator 
circuits  and  associated  inhibiting  circuits  (i.e..  cause  an  intentional  error)  shall  be  provided.  (Descriptions  of  several 
S-box  tests  are  contained  in  National  Bureau  of  Standards  Special  Publications  500-20  and  500-nl). 

3.4. 2.2.2  DES  Checkword  Test.  After  a  new  DES  key  variable  is  loaded  into  the  DES  crvptograohic  equipment,  and 
after  the  S-box  test  nas  been  performed,  a  known  64-0it  input  word  is  encrypted  in  the  new  kev  variable  and  the  resulting 
64-bit  checkword  is  stored.  This  checkword  shall  be  retained  in  storage  and  used  until  the  new  kev  variable  is 
superceded.  The  DES  checkword  test  consists  of  encrvpting  the  known  64-bit  input  word  in  the  current  DES  kev  variable 
and  comparing  the  result  with  all  64  bits  of  the  checkword.  If  thev  fail  to  compare,  an  alarm  shall  be  automatically 
generated  and  the  ciphertext  output  of  the  DES  cryptographic  equipment  shall  be  inhibited  until  ooerating  personnel 
eliminate  the  error  condition,  or  take  such  other  action  as  prescribed  by  aooroved  ooerating  procedures.  A  means  of 
automatically  testing  the  comparator  circuits  and  associated  inhibiting  circuits  (i.e.,  cause  an  intentional  error)  shall  be 
provided.  The  S-box  tert  mav  be  used  in  place  of  the  DES  checkword  test,  if  advantageous.  When  this  is  done,  the  S-box 
test  must  be  run  at  the  frequency  prescribed  for  the  nES  checkword  test. 

3. 4.2.3  Frequency  of  Testing.  When  two  DES  devices  are  ooerated  in  parallel  (see  section  3.4.2.!),  the  self-checking 
is  continuous.  When  only  one  device  is  used  with  the  S-box  and  DES  checkword  tests  (see  section  3. 4.2.2),  testing  of  the 
DES  device  is  not  continuous.  In  such  an  instance,  the  S-box  test  shall  be  accomplished  to  ensure  correct  operation  of 
the  device  at  the  time  of  key  variable  entry,  and  the  DES  checkword  test  shall  be  accomplished  prior  to  eacn  use  of  an 
initializing  vector.  Automatic  testing  of  the  comparator  circuits  used  in  implementing  method  1  or  2  (see  sections 
3.4.2.!  and  3. 4. 2. 2)  shall  be  performed  when  practical,  but  no  less  frequently  than  upon  each  DES  key  variable  entry  into 
the  DES  device. 

3.4.3  Other  Tests 


3.4.3. 1  Control  Field  Recognition.  In  automatic  data  processing  and  narrative  text  telecommunication  applications, 
provision  shall  be  made  to  verify  that  stand-alone  DES  cryptographic  equipment  can  recognize  implicit  or  explicit 
control  fields  signalling  the  start  of  encryption  (e.g.,  START  OF  TEXT).  A  means  of  automatically  testing  the 
above-mentioned  functions  (Le.,  cause  intentional  errors)  shall  be  provided.  When  the  control  field  recognition  functions 
are  tested,  failure  of  DES  cryptographic  equipment  to  recognize  and  act  upon  these  fields  shall  inhibit  operation  in  the 
secure  mode  and  generate  an  alarm.  Provision  may  be  made  internal  to  DES  cryptographic  equipment  to  conveniently 
override  this  feature  to  facilitate  maintenance.  When  the  DES  crvptograohic  eauioment  function  is  integrated  into  Data 
Terminal  Equipment  (DTE),  and  data  is  encrvpted  as  a  conseauence  of  being  processed  within  the  DTE,  the  requirement 
to  check  the  ability  to  recognize  these  control  fields  mav  not  be  necessary.  In  these  cases,  where  the  DTE  provides  but 
does  not  check  the  control  field  recognition  functionts),  the  DTE  design  shall  assure  that  data  intended  for  encryption 
will  always  be  encrypted  and  will  never  be  transmitted  unencrypted. 

3. 4. 3. 2  Chain  Identification  (CID),  Manipulation  Detection  Code  (MDC)  and  Message  Authentication  Code  (MAC).  In 
systems  which  utilize  the  CID,  MDC,  or  MAC  fields,  an  alarm  shall  be  generated  wnen  the  received  MDC,  CID,  or  MAC 
mismatches  (i.e.,  does  not  compare)  with  the  expected  value.  When  DES  crvptograonic  equipment  is  generating  and 
checking  the  CID,  MDC,  or  MAC  fields  and  mismatch  occurs,  the  DES  crvptograonic  equipment  shall  generate  an  alarm. 
CID's  shall  not  be  repeated  for  a  given  key  variable  period.  When  DES  crvptograohic  equipment  is  generating  the  CID, 
the  equipment  shall  generate  an  alarm  when  the  CID  counter  reaches  its  maximum  value.  In  fuil-duolex  and  multidrop 
applications,  provision  must  be  made  to  assure  that  CID's  are  not  duplicated  by  the  various  terminals.  Details  of  the 
CID,  MDC,  and  MAC  fields  are  described  in  prooosed  Federal  Standard  1026.  DES  crvptograohic  eauioment  (or  a  DTE  or 
DCE  providing  the  CID,  MDC,  or  MAC  functions)  must  also  be  capable  of  testing  the  comoaratorfs)  used  to  comoare  a 
received  CID,  MDC,  or  MAC  with  the  expected  or  locailv  derived  value  (e.g.,  cause  an  intentional  error).  If  a  CID,  MDC, 
or  MAC  comparator  fails  its  test,  an  alarm  shall  be  generated,  and  operation  in  the  secure  mode  shall  cease. 

3.4.3.3  Other  Ciohertext-Inhibit  Tests.  In  addition  to  the  conditions  described  in  section  3.4.2  and  previous 
paragraphs  in  section  3.4.3,  cipnertext  output  of  DES  cryptographic  eauioment  is  also  inhibited  bv:  (a)  transfer  of  a  DES 
kev  variable  into  a  DES  device,  (b)  zeroization  of  DES  crvptograohic  equipment,  (c)  use  of  the  test  mode,  and  (d)  use  of  a 
DES  device  for  a  function  other  than  the  encryption  of  plaintext  data  (e.g.,  generating  an  IV,  computing  an  MAC).  DES 
cryptographic  equipment  shall  be  capable  of  testing  that  the  conditions  described  in  (a),  (b),  (c),  and  (d)  aoove  are  caoaole 
of  inhibiting  ciphertext  output. 

3. 4. 3. 4  Parity  Check  Verification.  DES  cryptographic  equipment  and  key  variable  loaders  shall  be  caoaole  of  testing 
that  DES  key  variaoles  wttn  improper  parity  can  be  detected. 

3.4.3.3  Frequency  of  Testing.  The  ability  of  DES  cryptographic  equipment  (and  DTE's  or  OCE's  providing  the  CID, 
MDC,  or  MA<_  (unctions)  to  recognize  the  control  fields  described  in  section  3.4. 3. 1,  to  perform  the  comparisons 
described  in  section  3.4.3.2,  and  to  generate  an  alarm  when  an  error  or  mismatch  resulting  from  the  use  of  these 
functions  is  detected,  shall  be  checked  at  the  same  frequency  required  for  the  DES  checkword  test  (see  section  3.4. 2.3). 
The  MAC  comparator  shall  be  checked  once  per  authenticated  message.  The  tests  described  in  sections  3.4. 3.3  and 

3. 4. 3. 4  shall  be  performed  at  the  same  frequency  as  the  S-box  test. 
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3.5  Fail-Safe  Design  R equirements.  DES  cryptographic  equipment  design  shall  not  contain  potential  single  failures 

which  could  comoromise  DES  key  variables,  or  affect  the  initialization  process.  Specif icallv,  HES  crvptograohic 
^^quipment  design  shall  not  permit  potential  single  failure  conditions  which  could  result  in:  (I)  transmission  of  the  kev 
r^^nable,  or  any  portion  thereof,  or  (2)  transmission  in  depth  (reuse  of  the  same  IV)  due  to  faulty  or  insufficient 
t  ^^fomization.  When  firmware  techniques  are  used  to  control  the  crvptograohic  functions  described  above,  sufficient 
^^^A;uards  shall  be  incorporated  to  ensure  proper  operation  of  the  firmware.  (Note:  Other  critical  areas  (such  as  plain 
^^^^Phandling,  alarms,  and  alarm  checks)  that  may  be  affected  bv  undetected  failures  also  deserve  special  consideration 
^^Rlesign). 


3.6  Test  Mode.  DES  cryptographic  equipment  shall  have  a  test  mode  which,  when  used,  will  assure  that  the  equipment 
is  operating  as  intended.  At  a  minimum,  the  test  mode  shall  perform  an  S-box  test,  when  using  Method  2  (see  section 
3. t*. 2- 2),  and  test  all  security  alarm  circuitry.  In  the  test  mode,  a  test  0E5  key  variables)  shall  be  used.  The  ciphertext 
output  of  DES  cryptographic  equipment  shall  be  inhibited  while  in  the  test  mode.  However,  a  means  may  be  provided  for 
maintenance  personnel  to  override  the  ciphertext  output  inhibit  feature  from  inside  the  equipment.  If  the  ciphertext 
inhibit  override  feature  is  implemented,  a  means  shall  be  provided  to  automatically  disengage  the  ciphertext  inhibit 
override  before  DES  cryptographic  equipment  is  returned  to  the  operational  mode.  DF.S  cryptograonic  equipment  shall 
prevent  the  test  key  variable  from  being  used  for  encryption/decryption  of  actual  olaintext/ciphertext  data. 


3.7  Control  Functions.  DES  cryptographic  equipment  shall  provide  for  the  following  controls  under  the  conditions 
listed; 


NAME 

FUNCTION 

CONDITIONS 

POWER  ON /OFF 

Turns  primary  power  (and  internal  battery) 

ON  or  OFF  and  causes  zeroization  of 
critical  storage  when  in  the  OFF 
position.  (See  section  3.9.) 

Optional  feature.  Lock  not  required. 

STANDBY  MODE 

Provides  the  capability  to  render  the 

DES  device  inoperable  during  unattended 
periods,  without  zeroizing  the  kev 
variable.  (See  section  3.1.3.) 

Required  when  equipment  is  not  in 
continuous  24-hour  a  dav  operation. 
Must  be  under  control  of  a  lock. 

ALARM  RESET 

k 

Provides  the  capability  to  clear  alarms 
after  a  fault  has  been  corrected  bv 
repeating  those  security  checks  which 
could  have  generated  the  alarm  condition. 
Performance  of  the  security  checks  must 
be  successful  (i.e.,  the  condition  causing 
the  adarm  must  have  been  corrected)  before 
the  alarm  state  can  be  exited.  The 
ciphertext  output  shall  be  inhibited  until 
the  alarm  state  is  exited. 

Required  on  all  equipment.  Must  be 
under  control  of  a  lock. 

TEST  MODE 

Causes  DES  cryptographic  equipment  to 
perform  tests  contained  in  section  3.6 
of  this  standard. 

Required  on  all  equipment.  Must  be 
under  control  of  a  lock. 

LAMP  TEST 

Provides  assurance  that  indicators 
are  operable. 

Optional  feature.  No  lock  required. 

KEY 

VARIABLE 

ENTRY 

Provides  for  external  entry  of  DES  key 
variablefs),  either  manually  or 
automatically.  (This  does  not  include 
"down-line  loading".)  Ciphertext 
output  shall  be  inhibited  during  entry 
of  the  key  variables  if  the  DES  key 
variables  are  automatically  placed 
in  a  DE5  device  as  a  result  of  entry. 

Required  if  external  key  variable 
entry  devices  are  used.  (See  section 
3.1.1) 

BYPASS  MODE 

Provides  the  capability  for  bypassing  the 

DES  device  arid  transmitting  plain  text 
when  DES  cryptographic  equipment  is  in 
an  alarm  condition  or  other  malfunction 
condition. 

Optional  feature.  Must  be  under 
control  of  a  lock. 

L 
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SECURE  MODE  Provides  capability  to  transmit  and 
receive  cipher  text. 


Optional  feature.  Must  be  under  control 
of  a  lock. 


ZEROIZE 


NOTE: 


Provides  capability  to  zeroize  ail  Required  feature  on  all  equipment, 

unencrypted  key  variables  (and  IV  in  No'lock  required. 

CSC  mode). 

It  is  not  necessary  to  provide  individual  locks  for  each  control  function.  Thev  mav,  for  instance,  be 
collocated  (within  the  constraints  of  section  3.1.1  of  this  standard)  behind  a  locked  cover  or  gated  by  a 
physical  key  switch. 


3.S  Status  Indicators.  DES  cryptographic  equipment  shall  provide  for  displav  of  the  following  indications  of  status 
under  the  conditions  listed  below. 


NAME 


FUNCTION 


CONDITIONS 


POWER  ON 

DES  BYPASS 

TEST 

BATTERY 

ALARM 


AUDIBLE 

ALARM 


Indication  that  proper  electrical  power  is 
available  for  equipment  operation. 

Indication  that  the  equipment  is  not  in  the 
encipher/decipher  state. 

Indication  that  DES  cryptographic  equipment 
is  in  a  test  mode,  as  opposed  to  an 
operational  mode. 

Indicates  whether  the  internal  battery  is 
operating  properly  and  is  capable  of 
retaining  critical  storage. 

Indication  that  an  error  in  operation  of  the 
DES  cryptographic  equipment  has  occurred  or 
that  attempted  tampering  has  been  detected. 
Ciphertext  output  must  be  automatically  and 
immediately  disabled  when  an  alarm  occurs, 
if  not  in  the  bypass  condition. 

Same  as  ALARM. 


PARITY  Indication  that  an  error  in  parity  has  occurred 

during  DES  key  variable  entry  or  during 
internal  transfer  of  the  key  variable. 

Further  internal  kev  variable  transfers  shall 
be  inhibited  until  the  condition  which  caused 
the  error  is  corrected  and  a  correct  key 
variable  has  been  entered. 


Required  only  when  power 
ON /OFF  switch  is  used. 

Required  when  BYPASS  control  is 
implemented. 

Required  on  all  equipment. 


Required  when  a  battery  is  used  as 
a  backup  energy  source. 


R  equired  on  all  equipment. 


Optional  feature.  Not  a  front  oanel 
indicator.  A  dry  contact  relay  type 
of  interface  shall  be  used  and  should 
be  available  on  the  rear  of  the 
equipment. 

Required  on  all  equipment. 


3.9  Retention  of  Critical  Storage.  Critical  storage  (e.g.,  kev  variable  final  storage  locations),  CIO’s,  IVs,  and  test 
data)  in  DES  cryptograpmc  equipment  shall  be  retained  during  primary  power  interruptions.  DES  cryptographic 
equipment  shall  have  a  means  of  determining  whether  critical  storage  has  been  properly  maintained  during  interruption 
of  primary  power. 

3.10  EMI/EMC  Requirements.  DES  cryptographic  equipment  shall  be  designed  and  constructed  to  meet  the 
Electromagnetic  Interterence/ Electromagnetic  Compatibility  (EMI/EMC5  requirements  of  M1L-STD-^*61B  for  class  A-3 
equipment.  Good  EMI  design  practices  should  be  followed  in  all  aspects  of  the  DES  cryptographic  equipment  design. 
DES  cryptographic  equipment  shall  comply  with  the  test  requirements  of  MlL-STU-462  as  specified  below  in  all  operating 
modes: 
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TEST  REQUIREMENT 

CEOI  Narrowband  measurements  only  required:  limits  specified  in  figure  4-1,  curve  1,  for 

Direct  Current  (DC)  and  Alternating  Current  (AC)  power  leads  and  control  and  signal 
leads. 

CE03  Figure  4-4,  curve  1,  broadband,  and  figure  4-3,  curve  l,  narrowband,  apply  for  DC  and 

AC.  power  leads  and  control  and  signal  leads. 

RE01  Figure  4-11  applies  with  the  following  modification:  The  limit  from  3  kHz  to  30  kHz 

shall  be  60  dB  above  1  pT. 

RE02  Figure  4-12,  narrowband,  and  figure  4-13,  broadband,  apply. 


4.  Deviations  and  Changes  to  Federal  Standard  1027.  When  a  Federal  Agency  considers  that  this  standard  does  not 
provide  for  its  essential  needs,  a  statement  citing  inadequacies  shall  be  sent  in  duplicate  to  the  General  Services 
Administration  (C),  Washington,  DC  20403.  The  General  Services  Administration  and  the  preparing  activity,  in 
accordance  with  Federal  Property  Management  Regulations  41  CFR  101-29.3,  will  determine  the  appropriate  action  to 
be  taken  and  will  notify  the  agency.  Manufacturers  and  suppliers  may  contact  the  preparing  activity  for  information 
regarding  precedures  for  requesting  approval  for  equivalent  methods  to  be  used,  to  meet  the  requirements  of  this 
•  standard.  Supplementary  guidance  concerning  requests  for  such  approval  is  being  provided  in  a  revision  to  Federal 
Property  Management  Regulation  41,  Code  of  Federal  Regulations  101-33.3. 


PREPARING  ACTIVITY: 

Communications  Security  Organization 

National  Security  Agency 

9800  Savage  Road 

Fort  George  G.  Meade,  MD  20755 


MILITARY  INTERESTS: 

Review  Activities 
Army  —  AD,  CR 

Navy  —  AS,  OM 
Air  Force  —  90 
DCA  -  DC 
TRI-TAC  -  TT 
DLA  —  DH 

User  Activities 
Navy  —  5H,  MC 

This  document  is  available  from  the  General  Services  Administration  (GSA),  acting  as  agent  for  the  Superintendent  of 
Documents.  A  copy  for  bidding  and  contracting  purposes  is  available  from  GSA  Business  Centers.  Cooies  are  for  sale  at 
the  GSA  Specification  Unit  (WF5I5),  Room  6039,  7tf1  and  D  Streets  S.W.,  Washington,  D.C.  20407;  telephone  (202) 
472-2203.  Please  call  in  advance  to  arrange  for  pickup  service. 


Military  Coordinating  Activity 

NSA  —  NS 

Custodians 
Army  —  SC 
Navy  —  EC 
Air  Force  —  02 


> 
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Parity  Bit 

Key  Variable  Bits 

Checked  By  Parity  Bit 

<8 

Kl,  K2.  K3,  K4,  KS,  K6.  K7 

K 1 6 

K9,  K 10,  <11,  <12,  <13,  <14,  <15 

<24 

<17,  <18,  <19.  <20,  <21,  <22,  <23 

K32 

<25,  <26,  <27,  <28,  <29,  <30,  <31 

<40 

<33,  <34,  <35,  <36,  <37,  <38,  <39 

K48 

<41,  <42,  <43,  <44,  <45,  <46,  <47 

<56 

<49,  <50,  <51,  <52.  <53,  <54,  <55 

<64 

<57,  <58,  <59,  <60,  <61,  <62,  <63 

TABLE  1 


Printed 

Symool 

OES  Key  Varlaole  31ts 

Significant 
•4  Most  Leasts 

VI 

Kl,  <2,  <3,  <4 

V2 

<5,  <6,  <7,  <8 

V3 

K9,  <10,  <11,  <12 

V4 

Kl 3,  <14,  <15,  <16 

V5 

<17,  <18,  <19,  <20 

V6 

<21,  <22,  <23,  <24 

V7 

<25,  <26,  <27,  <28 

V8 

<29,  <30,  <31,  <32 

V9 

<33,  <34,  <35,  <36 

V10 

<37,  <38,  <35,  <40 

VI 1 

<41,  <42,  <43,  <44 

V12 

<45,  <46,  <47,  <48 

V13 

<49,  <50,  <51,  <52 

V14 

<53,  <54,  <55,  K5b 

V15 

<57,  <58,  <59,  <60 

V16 

<61.  <62,  <63,  <64 

TABLE  2 
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logic  level 

Input  (Volts) 
Maximum  Minimum 

Output  (Volts) 
Maximum  Minimum 

HIGH  (logical  ONE) 

LOW  (logical  ZERO) 

5.0  4.0 

1.0  -2.0 

5.0  4.6 

0.5  0 

TABLE  3 


Position 

Function 

1 

GROUND 

2 

UNOESIGNATED 

3 

REQUEST 

4 

UNOESIGNATED 

5 

DATA 

6 

CLOCK 

7 

UNOESIGNATED 

8 

UNOESIGNATEO 

9 

Y00 

TABLE  4 
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REQUEST 


DATA 


CLOCK 


•  NOTE:  Or  uncll  the  firsc 

data  blc  la  received 


FIGURE  1 


Time 

Minimum 

Maximum 

T 

253  us 

(3960  Hz) 

781  uS 

(1280  Hz) 

rCH 

100  us 

— 

tCL 

100  us 

-- 

V 

-- 

20  us 

*CR 

— 

20  us 

tDC 

100  us 

— 

CRC 

300  us 

10  ms 

*RF 

— 

40  US 

lRR 

-- 

40  uS 

lR 

•  10  ms* 

-- 

he 

100  u  s 

— 

*o 

— 

20  uS 
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